Malware Nuisance “Spyware Protect 2009” Hits Internet

Trend Micro researchers revealed that they have found another feature of the Conficker worm that gives extra inkling about the purpose of the creators. The worm downloads malware that seems to appear as antivirus software called "Spyware Protect 2009".

The Trend Micro blog says that with the installation of phony antivirus, the worm shows caution messages claiming that the system is tainted and offers to clean it up for $49.95. The infection alert appears constantly and experts are bothered that users may click on them and pay for the software just to do away with the bothersome messages, thus divulging their credit card details.

The Kaspersky Lab's blog claims that the bogus antivirus attempts to download a Trojan downloader that is planned to install latest "Spyware Protect 2009" software. Nevertheless, the blog also adds that the domain the Trojan downloader was being accessed from has now been closed.

Furthermore, the phony antivirus further accelerates the hearsay that intention behind the worm is to earn money and not to interrupt network or system operations.

Security researcher at Kaspersky Lab, Alex Gostev, informs that the first version of Conficker was discovered in November 2008, which also installed phony antivirus to the tainted system. He also adds that again after a period of 6 months, some unidentified hackers are using the similar technique, as per the news by ZDNET on April 9, 2009.

Alex claims that presently, the malicious antivirus hails from websites situated in Ukraine.

In the meantime, to avoid being victim of scareware program the security experts have advised that if a user views a scareware pop-up or some other similar signs on the system, it is crucial to know whether it is from a moderately undisruptive visit to a site or whether it is from a present malware infection such as Conficker.

For now, it is important to know that the Conficker worm has attacked several systems globally. The statistics reveal that just about 60% of the infections examined by IBM Internet Security Systems are located in Asia, followed by 18% in Europe and South America separately, and 4% in North America.